5: Discrete Random Variables and their Distribution Function

A (discrete) random variable is a numerical result of an experiment. It is a function defined on a (discrete) sample space.

1.

Let be a (discrete) probability space andxbe a random variable. A (discrete) distribution function ofxis a function of type provided by a list of probability values

such that the following conditions are satisfied:

pi 0;

i.

ii. 2.

Now let us look at two discrete probability distributions which are frequently used in

cryptography. From now on we shall always drop the word "discrete" from "discrete probability space," "discrete probability distribution," etc. All situations in our considerations will always be discrete.

3.5.1 Uniform Distribution

The most frequently used random variables in cryptography follows uniform distribution:

• Table of Contents

Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company

Publisher: Prentice Hall PTR Pub Date: July 25, 2003

ISBN: 0-13-066943-1 Pages: 648

Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing

cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography.

Let S be the set of non-negative numbers up to k bits (binary digits). Sample a point in S at random by following the uniform distribution. Show that the probability that the sampled point is a k-bit number is .

S = {0,1,2, …, 2k _{– 1} can be partitioned into two disjoint subsets S}

1 = {0,1,2, …, 2k–1–1} and S2 = {2k–1,2k–1 + 1, …, 2k –1} where S2 contains all k-bit numbers, . Applying "Addition 2," we have

In this example, the instruction "sample (a point) p in (a set) S at random by following the uniform distribution" is quite long while it is also a frequent instruction in cryptography. For this reason, we shall shorten this long instruction into "picking p in S at uniformly random," or into an even shorter notation: p U S.

3.5.2 Binomial Distribution

Suppose an experiment has two results, titled "success" and "failure" (e.g., tossing a coin results in HEADS or TAILS). Repeated independent such experiments are called Bernoulli trials if there are only two possible points for each experiment and their probabilities remain the same

throughout the experiments. Suppose that in any one trial.

• Table of Contents

Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company

Publisher: Prentice Hall PTR Pub Date: July 25, 2003

ISBN: 0-13-066943-1 Pages: 648

Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing

cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography.

Equation 3.5.1

where is the number of ways for "picking k out of n."

Here is why (3.5.1) holds. First, event "n trials result in k "successes" and n–k "failures" can

happen in the number of ways for "picking k out of n," that is, the event has points. Secondly, each point consists of k "successes" and n – k "failures," we have the probability pk₍₁

– p)n–k _{for this point.}

If random variable xn takes values 0,1,…, n, and for value p with 0 < p < 1

then we say that xn follows binomial distribution. Comparing with (3.5.1), we know that

Bernoulli trial follows the binomial distribution. We denote by b(k;n,p) a binomial term where k = 0,1,…, n and 0 < p < 1.

Example 3.8.

Let a fair coin be tossed 10 times. What is the probability for all possible numbers of "HEADS appearance" (i.e., appears 0, or 1, or, …, or 10 times)?

i.

The probability for "HEADS appears 5 times?"

ii.

What is that for "HEADS appears less than or equal to 5 times?"

iii.

For (i), since this event always occurs, it should have probability 1. Indeed, applying "Addition Rule 2," we have

• Table of Contents

Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company

Publisher: Prentice Hall PTR Pub Date: July 25, 2003

ISBN: 0-13-066943-1 Pages: 648

Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing

cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography.

For (ii), we have

For (iii), we must sum the probabilities for all cases of 5 or less "HEADS appearances:"

Fig 3.1 plots the binomial distribution for p = 0.5 and n = 10, i.e., that used in Example 3.8.